Obtain the OAuth token

After your application has OAuth client and IFS CE authorization server details, you can obtain the OAuth tokens.

  1. Send an Authorization Code Request to the IFS authorization server.
    Initiate the process of obtaining the OAuth token by sending an authorization code request to the IFS CE authorization server. This is an HTTP GET or POST request to the authorization endpoint with these parameters:
    client_id
    Specify the OAuth client ID specific to your application.
    redirect_uri
    Specify the URL where the IFS CE authorization server sends the code upon user consent. This must be the same URL as registered in IFS CE during integration.
    response_type=code
    Specify the IFS authorization server to send the authorization code upon user consent.
  2. Resource Owner (User) Authentication and Consent (IFS CE functionality).
    The IFS CE authorization server works with the IFS CE Federation Hub to authenticate the user/resource owner and get user consent to release the claims to your app. If the user approves sharing claims with your application, then the IFS CE authorization server releases the authorization code to your application.
  3. Exchange the authorization code for an access token and refresh token.

    By using the token endpoint of IFS CE authorization server, exchange the authorization code for an OAuth access token and refresh token. Send these parameters as Content-Type "application/x-www-form-urlencoded"

    client_id
    Specify the OAuth client ID specific to your application.
    client_secret
    Specify the OAuth client secret received while acquiring OAuth client details.
    grant_type=authorization_code
    Specify the hint authorization server about the grant type being used.
    redirect_uri
    Specify the URL where the authorization server sends the access token. This URL must match the URL registered in ION API CE/IFS CE during integration.
    code
    Specify the authorization code sent by the authorization server in the previous step.
  4. In exchange, the authorization server provides these parameters:
    • token_type- This is the type of token issued, for example, Bearer.
    • expires_in - This is the validity period of the access token.
    • refresh_token - This is the refresh token to be used to renew the expired access token.
    • access_token - This is the token to be used for accessing protected resources.